Android Malware Genome Project will catalog, share Android malware

Amid rising concerns about mobile malware, a group of security researchers is launching an initiative to improve collaboration around mobile threat analysis. They want to encourage researchers to share their malware samples with each other and work together to identify and catalog the hostile software.

The effort, which is led by researchers at NC State, is called the Android Malware Genome Project. The name alludes to the scientific undertaking of gene mapping. The security researchers similarly aim to unravel the constituent parts of Android malware and figure out how it all fits together. They hope that this will eventually pave the way for coming up with better and more proactive defense mechanisms.

According to the project’s website, the malware research collected by NC State has already been shared with 27 other organizations around the world. The recipients appear to all be universities and technology companies.

Due to abuse potential, the malware samples won’t be freely available to everyone on the Internet. Organizations will have to be vetted in order to join the project. It seems somewhat similar to the way that the Center for Disease Control makes deadly real-world viruses available to researchers for legitimate purposes.

A detailed report at the Dark Reading website offers more details about the project, including statements from NC State researchers who are involved. According to the article, NC State’s malware collection includes over 1,200 samples.

Approximately 85 percent of the malware that NC State researchers discovered in the wild was bundled in repackaged versions of genuine apps. Approximately 37 percent of them also exploited operating system vulnerabilities that allow them to gain higher privilege levels. The researchers discovered that mobile security products typically detect only 20 to 80 percent of the malware.

The Android Malware Genome Project could help to combat the growing threat by providing security researchers with the data that they need to get in front of the problem. For more details, you can visit the project’s website.